Selectively obscuring and/or revealing sensitive information in a display of a computing device

ABSTRACT

A computer-implemented method may include (1) generating or receiving, at a computing device, display data defining a display layout and one or more fields; (2) providing, on a display screen of the computing device and by processing the display data, a display that initially obscures an item of information in a secure field without obscuring an entirety of the display; (3) detecting, using at least a camera of the computing device, a change in orientation of a user relative to the computing device; and (4) in response to the change in orientation, causing the display to show the item of information in the secure field, and after causing the display to show the item, (i) detecting an expiration of a predetermined time limit, and (ii) in response to detecting the expiration, causing the display to again obscure the item in the secure field without obscuring the entirety of the display.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.15/921,804, filed Mar. 15, 2018 and entitled “Selectively Obscuringand/or Revealing Sensitive Information in a Display of a ComputingDevice,” which is a continuation of U.S. patent application Ser. No.14/972,590 (now U.S. patent Ser. No. 15/921,804), entitled “SelectivelyObscuring and/or Revealing Sensitive Information in a Display of aComputing Device” and filed on Dec. 17, 2015, which claims the benefitof U.S. Provisional Patent Application No. 62/102,809, entitled“Selectively Obscuring and/or Revealing Sensitive Information in aDisplay of a Computing Device” and filed on Jan. 13, 2015. Thedisclosures of all of the above-identified applications are herebyincorporated herein by reference in their entirety.

FIELD OF THE DISCLOSURE

The present disclosure generally relates to information security and,more specifically, to systems and methods for maintaining privacy withrespect to information displayed on a computer screen.

BACKGROUND

Increasingly, individuals use mobile/portable computing devices to viewtheir personal information online. For example, individuals use theirsmartphones, tablets, phablets, etc., to access online bank accountscontaining account numbers, account balances and/or credit card numbers,online insurance accounts/policies containing policy numbers, coveragelevels and/or social security numbers, and so on. Typically, allinformation is presented on the screen of the computing device in thesame manner once a user is authenticated (e.g., enters a login andpassword), even though the user may only need to see the sensitiveportions of the information for a relatively brief time period. As aresult, other individuals in the vicinity of the user may easily see thesensitive information, increasing the risk of unauthorized use of theinformation (e.g., identity theft). Moreover, the size of the computerscreens on which information is displayed to mobile users (e.g., tablet,phablet or smartphone touch screens) have generally been increasing insize, which may cause the displayed information to be larger and moreeasily seen by others in the vicinity of the screen, and/or may causemore sensitive information to be displayed at one time. Furthermore, theproliferation of camera devices (e.g., smartphone cameras) increases therisk that someone will capture an image of a display screen, and laterview the image to identify any sensitive information contained therein.

Some conventional techniques require physically positioning a filter orlenticular film over a laptop computer screen such that information onthe screen may only be read within a narrow viewing angle. Otherconventional techniques do not require purchasing and positioning aphysical filter or film, but have other drawbacks. For example, someapplications allow a user to hide his or her password by replacing thetyped password characters with asterisks or other characters/shapes(e.g., “•••••”), and further allow the user to selectively show or hidethe password characters by clicking a virtual control box located nextto the password field. These conventional techniques generally fail toprovide a security mechanism that is user friendly. For example, thetechnique for hiding passwords described above requires that the userlocate and activate a dedicated control positioned near the passwordfield on the display (e.g., a clickable “SHOW” or “HIDE” text in thevicinity of the password field). As a result, the user may forget orotherwise neglect to obscure sensitive information after viewing.Moreover, the conventional techniques are restricted to hiding/showingthe single field associated with the control (i.e., the password field).

BRIEF SUMMARY

The present embodiments may, inter alia, enable a user to easily andintuitively obscure and/or reveal sensitive information within a displayof the user's computing device, which may in turn reduce the likelihoodthat other, nearby individuals will see or capture (e.g., photograph)the sensitive information and use the information for unauthorizedpurposes. In one embodiment, the user, by taking certain actions, mayhide sensitive information on demand, and then return that informationto being visible when desired, or vice versa.

In one aspect, a computer-implemented method of selectively obscuringsensitive information on a computer display may include: (1) generatingor receiving, at a computing device, display data defining a displaylayout and one or more fields; (2) providing, on a display screen of thecomputing device and by processing the display data, a display thatinitially obscures a first item of information in a first secure fieldof the one or more fields without obscuring an entirety of the display;(3) detecting, using at least a camera of the computing device, a changein orientation of a user of the computing device relative to thecomputing device; and/or (4) in response to the change in orientation,(A) causing the display to show the first item of information in thefirst secure field; and (B) after causing the display to show the firstitem of information in the first secure field, (i) detecting anexpiration of a predetermined time limit, and (ii) in response todetecting the expiration of the predetermined time limit, causing thedisplay to again obscure the first item of information in the firstsecure field without obscuring the entirety of the display.

In another aspect, a computer device configured to selectively obscuresensitive information on a display screen may include a display screen,a camera, one or more processors and a non-transitory, computer-readablememory. The memory may store instructions that, when executed by the oneor more processors, cause the computing device to: (1) generate orreceive, at the computing device, display data defining a display layoutand one or more fields; (2) provide, on the display screen of thecomputing device and by processing the display data, a display thatinitially obscures a first item of information in a first secure fieldof the one or more fields without obscuring an entirety of the display;(3) detect, using at least a camera of the computing device, a change inorientation of a user of the computing device relative to the computingdevice; and/or (4) in response to the change in orientation, (A) causethe display to show the first item of information in the first securefield; and (B) after causing the display to show the first item ofinformation in the first secure field, (i) detect an expiration of apredetermined time limit, and (ii) in response to detecting theexpiration of the predetermined time limit, cause the display to againobscure the first item of information in the first secure field withoutobscuring the entirety of the display.

In another aspect, a computer-implemented method of selectivelyobscuring sensitive information on a computer display may include: (1)generating or receiving, at a computing device, display data defining adisplay layout and one or more fields; (2) providing, on a displayscreen of the computing device and by processing the display data, adisplay that initially obscures a first item of information in a firstsecure field of the one or more fields without obscuring an entirety ofthe display; (3) detecting, using the computing device, a change inorientation of a user of the computing device relative to the computingdevice; and/or (4) in response to the change in orientation, (A) causingthe display to show the first item of information in the first securefield; and (B) after causing the display to show the first item ofinformation in the first secure field, (i) detecting an expiration of apredetermined time limit, and (ii) in response to detecting theexpiration of the predetermined time limit, causing the display to againobscure the first item of information in the first secure field withoutobscuring the entirety of the display.

BRIEF DESCRIPTION OF THE DRAWINGS

The Figures described below depict various aspects of the system andmethods disclosed herein. It should be understood that each figuredepicts an embodiment of a particular aspect of the disclosed system andmethods, and that each of the Figures is intended to accord with apossible embodiment thereof.

FIG. 1 depicts an exemplary environment including components associatedwith providing a user with the ability to selectively obscure and/orreveal sensitive information in a display of a computing device,according to an embodiment.

FIG. 2A depicts an exemplary computing device display on which a usermay selectively obscure and/or reveal sensitive information, accordingto an embodiment and scenario.

FIG. 2B depicts the exemplary computing device display of FIG. 2A afterthe user has obscured sensitive information, according to an embodimentand scenario.

FIG. 3 depicts a flow diagram of an exemplary method for selectivelyobscuring and/or revealing sensitive information in at least one fieldof a display of a computing device, according to an embodiment.

FIG. 4 depicts a flow diagram of an exemplary method for selectivelyobscuring and/or revealing sensitive information in multiple fields of adisplay of a computing device, according to an embodiment.

FIG. 5 depicts an exemplary computer system in which the techniquesdescribed herein may be implemented, according to an embodiment.

DETAILED DESCRIPTION I. Exemplary Obscuring and/or Revealing ofSensitive Information on a Computing Device Display

The present embodiments relate to concealing sensitive informationdisplayed on a display screen of a computing device. The computingdevice may be a portable/mobile computing device, such as a tablet,phablet, smartphone, smart glasses, smart watch, notebook computer orlaptop computer, wearable electronics, other computing devicesconfigured for wireless RF (radio frequency) communication, for example.Alternatively, in some embodiments, the computing device may be adesktop computer, or another stationary or semi-stationary computingdevice. The display screen may be an output (or input/output) componentor device of the computing device, such as a smartphone touch screen, atablet touch screen or a laptop monitor, for example.

Depending upon the embodiment and/or scenario, “sensitive” informationmay include any manner of information/data, such as identificationcodes/numbers (e.g., passwords, user names, social security numbers,etc.), account numbers (e.g., bank account numbers, credit card numbers,insurance policy numbers, etc.), names, dates, phone numbers, addresses,salary information, financial information (e.g., account balances,descriptions of past financial transactions, portfolio information,etc.), legal information, medical records and/or confidential businessinformation, for example. The sensitive information may be provided to auser of the computing device in connection with a secure account, suchas a bank account, an investment/trading account, an insurance account,and/or an employee account (e.g., an account for accessing anapplication/tool that helps the user to perform his or her jobfunctions), for example.

In the context of an automobile (and/or other) insurance account, forexample, the sensitive information may include the account/policynumber, the premium, the coverage types, levels and/or deductibles,vehicle information, names of associated individuals (e.g., otherdrivers), and so on. The insurance accounts may relate to automobile,home owners, renter, life, health, pet, or other types of insurance. Thesensitive information may also include text and/or other content, suchas images and/or video, for example.

In some embodiments, a dedicated application running on the user'scomputing device may generate display data for a display that is to bepresented on the display screen of the computing device. The displaydata may define the layout/presentation of the display, and/or some orall of the content of the display, for example. In some embodiments, theapplication may obtain additional content for one or more fields of thedisplay, including one or more pieces of sensitive information, from aremote server. For example, the application may receive or retrieve, ina “push” or “pull” manner, account information (e.g., account numbers,account balances, etc.) from a third party server (e.g., a bank server,investment/trading company server, insurance provider remote server orother processors, etc.) after the user enters a valid login and/orpassword. Alternatively, the application may obtain all content,including the sensitive information, from a local storage of thecomputing device, and/or based upon information that the user enteredusing a keyboard or other input device. In other embodiments, a webbrowser application running on the user's computing device may access aweb page to obtain the display data, including some or all of thesensitive information within the display content. The web page may bestored on a third party server (e.g., bank server, insurance providerserver, etc.), and accessed by entering a valid login and/or password ona login web page, for example.

The display data, when processed by the user's computing device, maycause the display screen to present a display that may include one ormore fields for various kinds of information associated with theaccount. For a bank account, for example, the display may include one ormore account number fields (e.g., checking account number, savingsaccount number, etc.), one or more account balance fields, a field forthe user's name, one or more fields for a list of recent transactions,etc. Some or all of the fields may be designated as “secure fields”associated with a security feature. For example, an applicationexecuting on the user's computing device may include field type datathat indicates which fields will or may contain sensitive information.Alternatively, a third party server that provides field contents/valuesmay provide not only the content/values, but also data flags indicatingwhich pieces of information are sensitive. In this manner, the entityproviding the data may control which information in the display iscategorized as “sensitive” information.

A local application executing on the user's computing device, and/or athird party server (e.g., via a web page), may also include or provideinstructions that specify when information in the secure field(s) is tobe obscured and/or revealed. For example, the instructions may specifywhether information in secure fields is initially shown or hidden, andwhich user actions (and/or other triggers) will cause the information tobe obscured or revealed. As a more specific example, the instructionsmay specify that information in the secure field(s) is initially hidden,and that the user may cause the information to be revealed by tiltingthe computing device to any angle other than the starting angle (e.g.,other than the angle of the device when the display was first presentedto the user), by swiping his or her finger on the display screen, bymoving his or her head relative to the computing device, by tapping (ortapping and holding) a specific area of the display, and/or byperforming some other action. As another example, the instructions mayspecify that information in the secure field(s) is initially shown, andthat the user may cause the information to be obscured by swiping his orher finger on the display screen, by turning his or her head/face awayfrom the display screen, by shifting the computing device such that theuser's eyes are no longer in the same position relative to afront-facing camera (e.g., a camera mounted on or near the displayscreen), and/or by performing some other action.

In some embodiments, a single type of action may cause the informationto toggle back and forth between hidden/revealed states. For example,the user may swipe his or her finger on the display screen to revealinformation in the secure field(s), and/or swipe his or her finger againin the same manner to again hide that information. In other embodiments,different types of actions may cause the information to be hidden andrevealed. For example, the user may swipe his or her finger on thedisplay screen to reveal the information, and turn his or her eyesand/or face away from the display screen to again hide the information.In still other embodiments, a timer may dictate how long information isrevealed. For example, the user may swipe his or her finger (or move hisor her head, etc.) to reveal information that was initially obscured,and the information may automatically be obscured again when a timerexpires (e.g., 2 seconds after the information was revealed, 4 secondsafter the information was revealed, etc.).

The triggers for obscuring and/or revealing information may be global tomultiple (e.g., all) secure fields in the display. For example, a usermay swipe his or her finger over any portion of a display screen (or aspecific portion of the display screen) a single time to hideinformation in all of the secure fields, and/or may cause theinformation in all of the secure fields to be hidden by turning his orher face away from the display screen a single time, etc. In otherembodiments, triggers may be specific to particular secure fields in adisplay. For example, a user may swipe his or her finger overinformation shown in a first field of the display to hide only thatinformation (e.g., a social security number), and swipe his or herfinger over information in a different, second field of the display tohide only that information (e.g., an account balance).

The instructions included in a local application, and/or provided by aremote server, may also specify the manner in which information in thesecure field(s) is obscured and/or revealed. For example, information inthe secure fields may be obscured by blurring the information accordingto a suitable image processing algorithm when the appropriate triggeroccurs. As another example, the information may be obscured by blackingout (or graying out, etc.) the information substantially or entirelywhen the appropriate trigger occurs. As yet another example, obscuredinformation may be revealed instantly when the appropriate triggeroccurs, or may gradually become clear (un-blurred), gradually “fade in,”etc.

Some or all of the features described above, and/or elsewhere herein,may provide one or more of various advantages. For example, users mayconceal and reveal their personal information (and/or other sensitiveinformation, such as confidential information of an employer) withgreater ease, in a more intuitive manner, and/or, for some embodiments(e.g., where information is hidden/revealed in response to head and/oreye movements), without consciously deciding to do so. As a result,sensitive information may be concealed from others (e.g.,“eavesdroppers”) in a more reliable fashion.

II. Exemplary Environment for Enabling a User to Selectively Obscureand/or Reveal Sensitive Information in a Computing Device Display

FIG. 1 depicts an exemplary environment 10 including componentsassociated with providing a user with the ability to selectively obscureand/or reveal sensitive information in a display of a computing device,according to an embodiment. As illustrated in FIG. 1, the environment 10may include a client device 12 and/or a computing system 14. Thecomputing system 14 may include one or more servers of a commercial ornon-commercial entity such as a bank, an insurance provider, aninvestment/trading company, etc. The user of client device (or mobiledevice) 12 may be a customer, employee or associate of the entity, forexample. In the example environment 10, the computing system 14 may becommunicatively coupled to the client device 12 via a network 16.Network 16 may be a single communication network, or may includemultiple communication networks of one or more types (e.g., one or morewired and/or wireless local area networks (LANs), and/or one or morewired and/or wireless wide area networks (WANs) such as the Internet).

The computing system 14 may include one or more types of persistentmemory storing account data 20. Account data 20 may include account dataassociated with a number of different individuals, such as bank accountinformation of bank customers (e.g., account holder names, accountnumbers, current account balances, transaction history information,etc.) or policy information of insurance customers (e.g., policyholdernames, policy numbers, coverage types/levels, information about coveredproperties, etc.), for example. The computing system 14 may also includea user authentication unit 22. Generally, the user authentication unit22 may determine whether user authentication information (e.g., logins,passwords and/or tokens) entered by users at client devices is valid,and/or may determine which account information in account data 20corresponds to which user authentication information. The computingsystem 14 may further include an account data provision unit 24.Generally, the account data provision unit 24 may provide theappropriate portions of the account data 20 to users in response to theuser authentication unit 22 verifying the users' credentials. Forexample, the account data provision unit 24 may send the appropriateaccount information to a user each time that the user logs in, and/ormay “push” account information to a user on a regular basis after theuser logs in a single time, etc.

In some embodiments, the user authentication unit 22 and the accountdata provision unit 24 may each be (or may each include) a respectiveset of one or more processors that executes software instructions toperform the functions described herein, and/or the user authenticationunit 22 and the account data provision unit 24 may share a set of one ormore processors. Alternatively, one or both of the user authenticationunit 22 and the account data provision unit 24 may be a component ofsoftware that is stored on a computer-readable medium (e.g., a randomaccess memory (RAM) and/or read-only memory (ROM) of the computingsystem 14) and executed by one or more processors of the computingsystem 14 to perform the functions described herein. In someembodiments, the computing system 14 may include more, fewer and/ordifferent units than are shown in FIG. 1, including any of thecomponents discussed elsewhere herein. For example, the computing system14 may omit the user authentication unit 22, may store a set of businessrules associated with management of user accounts (e.g., for determiningwhich types of account information should be provided to a particularuser), and so on.

While many users (e.g., account holders) may have computing devices incommunication with the computing system 14, for clarity FIG. 1illustrates only the example client device 12 of a single user. Asillustrated in FIG. 1, the client device 12 may include a centralprocessing unit (CPU) 30 to execute computer-readable instructions, aRAM 32 to store the instructions and data during operation of programs,a data storage 34 that may include persistent memory to store data usedby the programs executed by CPU 30, and a program storage 36 that mayinclude persistent memory to store the programs/instructions executed byCPU 30. By way of example, the data storage 34 and/or the programstorage 36 may be implemented on a hard disk drive coupled to CPU 30 viaa bus (not shown in FIG. 1). More generally, the components 30, 32, 34and 36 may be implemented in any suitable manner according to knowntechniques. The client device 12 may be a portable/mobile device (e.g.,a smartphone, tablet, phablet, laptop, pager, PDA (personal digitalassistant), smart watch or bracelet, smart glasses, wearableelectronics, etc.), a personal computer (e.g., a desktop), or any othersuitable computing device, and may be configured for wired and/orwireless communication via network 16. While the client device 12 in theexample of FIG. 1 may include both storage and processing components,the client device 12 may instead be a so-called “thin” client thatdepends upon another computing device for certain computing and/orstorage functions. For example, data storage 34 and/or program storage36 may be external to the client device 12 and connected to the clientdevice 12 via a network link.

The program storage 36 may store a user account application 40 that isgenerally configured to obtain account data and present that accountdata to the user. The user account application 40 may be a nativeapplication that was downloaded from a server of the computing system14, or was pre-installed on the client device 12 prior to use by theuser, for example. To support the functionality of the user accountapplication 40, the user account application 40 may include an accountdata collection module 42, a presentation module 44, a detection module46 and a timer module 48. In some embodiments, the user accountapplication 40 may include more, fewer and/or different modules than areshown in FIG. 1 (e.g., timer module 48 may be omitted, etc.). Thefunctionality of the user account application 40 and the modules 42, 44,46 and 48 will be described in further detail below, according tovarious embodiments. When CPU 30 executes the user account application40, RAM 32 may temporarily store the instructions and data required forits execution. In FIG. 1, the user account application 40 being executedis represented in the program space of RAM 32 as user accountapplication 50.

The client device 12 may be coupled to an input device 52 that allowsthe user to enter inputs to the client device 12, and a display screen54 that allows the user to view outputs/displays generated by the clientdevice 12 (e.g., outputs/displays generated by CPU 30 and/or a graphicsprocessing unit not shown in FIG. 1). The input device 52 may include apointing device such as a mouse, keyboard, trackball device, digitizingtablet or microphone, for example. The display screen 54 may be thescreen of a laptop, smartphone, or tablet, for example. Using the inputdevice 52 and the display screen 54, a user may be able to interact withgraphical user interfaces (GUIs) provided by the client device 12.

The client device 12 may also include one or more sensors 56. Generally,the sensor(s) 56 may detect user actions, and/or movements of the clientdevice 12 (and/or movements of a portion of the client device 12). Forexample, sensor(s) 56 may include an image or video camera that ismounted on or near the display screen 54, and faces the user as he orshe views the display screen 54. As another example, sensor(s) 56 mayinclude an accelerometer that generates an output indicative of movementof the client device 12 (e.g., tilt, side-to-side movement, etc.). Asyet another example, sensor(s) 56 may include a sensor that generates anoutput indicative of gestures that the user makes on the display screen54. For example, the input device 52, display screen 54 and one or moreof sensor(s) 56 may be integrated to provide a touch screen that bothpresents visual displays and detects user inputs (e.g., tap, tap andhold, swipe, etc.).

In operation, a user of the client device 12 may access his or heraccount information by launching the user account application 40. Whenthe user account application 40 is launched, the account data collectionmodule 42 may provide a user interface on the display screen 54 thatallows the user to enter his or her authentication information (e.g.,login, password, token, etc.). In some embodiments, however, the accountdata collection module 42 does not require entry of authenticationinformation, or only requires entry of authentication information once(e.g., when the user account application 40 is launched for the firsttime), etc. The account data collection module 42 may provide anyentered authentication information to the computing system 14 vianetwork 16 (e.g., using a network interface of client device 12 notshown in FIG. 1). The user authentication unit 22 may then process theauthentication information to determine whether the user is anauthorized user. To this end, the user authentication unit 22 may accessaccount data 20, or another database not shown in FIG. 1, to determinewhether the authentication information matches any account for whichinformation is stored in account data 20.

If the user is authorized, the user authentication unit 22 may generatedata indicating the authorization, including data identifying the user,and provide that data to the account data provision unit 24. The accountdata provision unit 24 may then retrieve the account information fromaccount data 20 that is associated with the identified user, and/orprovide that information to the client device 12 via network 16 (e.g.,using a network interface of computing system 14 not shown in FIG. 1).The account data collection module 42 may then receive the accountinformation, and the presentation module 44 may generate a display thatprovides the received account information to the user on the displayscreen 54. In some embodiments, the account data provision unit 24 ofthe computing system 14 may instead (or also), on a periodic or otherbasis, provide the most recent account information to the client device12, without receiving specific requests for that information. That is,the account data provision unit 24 may “push” the account information tothe client device 12.

The display provided on the display screen 54 may be arranged accordingto instructions of the presentation module 44. For example, theinstructions may specify locations and/or text descriptors of one ormore fields for displaying account information. In one embodiment and/orscenario in which the user account application 40 is an application forviewing bank account information, for example, the display may includefields for account number, account balance, transaction history, etc. Inanother example embodiment and/or scenario in which the user accountapplication 40 is an application for viewing insurance policyinformation, the display may include fields for policyholder name,policy number, coverage types, deductibles, limits, claim historyinformation, discounts, etc. One example of a display that may begenerated by the presentation module 44 is shown in FIGS. 2A and 2B,discussed below. In some embodiments, the presentation module 44 maygenerate the display prior to the account data collection module 42receiving the account information, such that some or all of the displayfields are initially empty (or contain a default value, old value, etc.)until the presentation module 44 can populate the fields.

In an embodiment, the fields of the display may include one or morefields that the presentation module 44 designates as “secure” fields forholding sensitive information. Alternatively, the presentation module 44may not differentiate between fields in this manner, and instead maycheck for data flags associated with the information that thepresentation module 44 uses to populate the fields. In this latterembodiment, the account data provision unit 24 may determine which fieldinformation is sensitive (e.g., by checking a designation in the accountdata 20 and/or a set of business rules stored in a memory of thecomputing system 14), and flag those values so that the presentationmodule 44 may treat them accordingly. In either of these embodiments,the presentation module 44 may treat one or more fields as containingsensitive information, and the remaining fields, if any, as containingnon-sensitive information.

The presentation module 44 may determine when the sensitive informationin the display is to be obscured and/or revealed. For example, thepresentation module 44 may initially hide the sensitive information, ormay initially show the sensitive information. In some embodiments, theuser may configure settings to determine whether the presentation module44 initially hides or shows the sensitive information. The presentationmodule 44 may hide/obscure information by blurring the informationaccording to a suitable image processing algorithm (e.g., Gaussianblurring), or by using another suitable technique (e.g., blacking out orgraying out the information, etc.).

The presentation module 44 may also change the state of the sensitiveinformation (e.g., from hidden to shown, or from shown to hidden) basedupon predetermined triggers generated by the detection module 46. Thedetection module 46 may generate the triggers by processing theinformation generated by sensor(s) 56 to identify triggering events. Forexample, the detection module 46 may generate a trigger when a videocamera of sensor(s) 56 provides video images indicating that the userhas moved his or her eyes away from the display screen 54 for more thansome threshold amount of time, that the user has shifted his or her headsuch that the position of the user's eyes has moved relative to thedisplay screen 54, that the user has turned his or her head/face awayfrom or towards the display screen, etc. As another example, thedetection module 46 may generate a trigger when one or moreaccelerometers of sensor(s) 56 generate an output indicating that theclient device 12 has been moved in a particular direction and/or manner(e.g., has been tilted), has been moved by a threshold amount, has beenmoved with a threshold acceleration or velocity, etc. As yet anotherexample, the detection module 46 may generate a trigger when a touchscreen sensor of sensor(s) 56 generates an output indicating that theuser has made a particular gesture (e.g., swipe) on the display screen54, or indicating that the user has tapped and held a specific area ofthe display screen 54, etc.

In some embodiments, the presentation module 44 may also change thestate of the sensitive information (e.g., from hidden to shown, or fromshown to hidden) based upon a trigger generated by the timer module 48.For example, the timer module 48 may start running a timer whensensitive information that was initially hidden is revealed, and informthe presentation module 44 that the sensitive information should againbe obscured when the timer has expired (e.g., reached a predeterminedtimer threshold value).

As seen from the above examples, sensitive information may be obscuredand/or revealed in response to numerous different triggers and/ortrigger combinations in different embodiments. If the presentationmodule 44 initially obscures the sensitive information, for example, thepresentation module 44 may reveal the sensitive information in responseto the user swiping his or her finger on the display screen 54 a firsttime (or tapping and holding a specific area of the display screen 54,and/or moving his or her head relative to the display screen 54, etc.),and then may again obscure the sensitive information in response to theuser swiping his or her finger on the display screen 54 a second time(or tilting the client device 12, and/or turning his or her face awayfrom the display screen 54, etc.), or in response to the timer module 48indicating that a timer has expired. In other example embodiments, ifthe presentation module 44 initially shows the sensitive information,the presentation module 44 may obscure the sensitive information inresponse to the user tilting the client device 12 (or swiping his or herfinger on the display screen 54, or tapping and holding a specific areaof the display screen 54, or turning his or her head relative to thedisplay screen 54, and/or shifting the client device 12 such that theuser's eyes are no longer in the same position relative to afront-facing camera of sensor(s) 56, etc.), and then may reveal thesensitive information again in response to the user swiping his or herfinger (or tapping and holding a specific area of the display screen 54,and/or moving his or her head relative to the display screen 54, etc.).

In some embodiments, a single type of action may cause the presentationmodule 44 to toggle the visibility of the sensitive information back andforth between hidden/revealed states. As noted above, for example, thepresentation module 44 may reveal initially hidden sensitive informationwhen the user swipes his or her finger on the display screen 54 a firsttime, and again obscure the sensitive information when the user swipeshis or her finger a second time in the same manner. As another example,the presentation module 44 may obscure initially shown sensitiveinformation when the user turns his or her head/face away from thedisplay screen 54, and again reveal the sensitive information when theuser turns his or her head/face back towards the display screen 54. Inother embodiments, different types of actions may cause the presentationmodule 44 to hide and reveal the sensitive information. For example, thepresentation module 44 may reveal initially hidden sensitive informationwhen the user swipes his or her finger on the display screen 54, andagain obscure the sensitive information when the user turns his or herhead/face away from the display screen 54.

The presentation module 44 may obscure and reveal all sensitiveinformation in the display (e.g., all information in the field(s)designated as “secure” by the user account application 40, and/or allinformation designated as sensitive when provided to the client device12 by the account data provision unit 24, etc.) in unison based upon asingle trigger. For example, the presentation module 44 may obscure allsensitive information in the display in response to the user swiping hisor her finger on the display screen 54 (and/or turning his or her faceaway from the display screen 54, etc.) a single time, and/or may revealall sensitive information in the display in response to the user againswiping his or her finger on the display screen 54 (or moving his or herhead relative to the display screen 54, etc.) a single time. In otherembodiments, the presentation module 44 may obscure and/or revealdifferent portions of the sensitive information based upon differenttriggers (e.g., triggers specific to one or more particular securefields of the display, etc.). For example, the presentation module 44may toggle the visibility of only information in a first field of thedisplay in response to the user swiping his or her finger over the firstfield, and may toggle the visibility of only information in a different,second field of the display in response to the user swiping his or herfinger over the second field.

While the environment 10 shown in FIG. 1 and described above correspondsto an exemplary embodiment in which the display is generated andcontrolled by user account application 40 executing on the client device12, in other embodiments the display may be generated and controlled(e.g., sensitive information may be obscured and/or revealed) accordingto instructions of one or more web pages. For example, the account dataprovision unit 24 may include one or more web pages with HyperTextMarkup Language (HTML) instructions, JavaScript instructions, JavaServerPages (JSP) instructions, and/or any other type of instructions suitablefor defining the content and presentation of the display, and theprogram storage 36 of the client device 12 may include a web browserapplication that the user can launch to access the web page(s).

As can be seen from the above discussion, the components in theenvironment 10, when using the above techniques, may enable a user toselectively conceal and reveal sensitive information within a displaywithout any significant interruption to his or her perusal ofnon-sensitive information in the display (e.g., without covering thedisplay screen 54 entirely, closing any windows, powering down theclient device 12, etc.). In some embodiments, the sensitive informationmay quickly be concealed at the user's bidding (e.g., by quickly tiltingthe user's tablet or smartphone when the user notices someone elseapproaching), and/or may be concealed without the user needing to make aconscious decision to do so (e.g., in embodiments where sensitiveinformation is concealed when the user looks away from the displayscreen).

III. Exemplary Computing Device Display on which a User May SelectivelyObscure and/or Reveal Sensitive Information

FIGS. 2A and 2B depict an exemplary display 100, of a computing device102 having a display screen 104, on which a user may selectively obscureand/or reveal sensitive information, according to an embodiment andscenario. With reference to FIG. 1, for example, the computing device102 may be the client device 12, the display screen 104 may be thedisplay screen 54, and the display 100 may have been generated by thepresentation module 44 of user account application 40. Alternatively,the display 100 may have been generated according to the instructions ofa web page stored in a memory of the computing system 14, or may havebeen generated in another suitable manner. It is understood that thedisplay 100 is just one example corresponding to the field of personalbanking. In other embodiments and/or scenarios, the display 100 mayinstead provide information associated with an insurance policy oraccount, information associated with a trading/investment account,information associated with performing particular job functions, or anyother type of information that may be, or may include, sensitiveinformation. In embodiments where the display 100 is an interactive userinterface, the display screen 104 may be a touch screen, and the display100 may include virtual controls responsive to touch control by theuser. Alternatively, the user may interact with the display 100 viaother types of input, such as mouse clicks and mouse movement, touchinga touch pad on a lap top computer, etc., or the display 100 may bepurely informational and unresponsive to any user inputs (other than theactions that cause sensitive information to be obscured and/or revealed,as discussed below).

The display 100 may include one or more fields for displayinginformation. In the example embodiment of FIGS. 2A and 2B, for example,the display 100 includes a name field 110 for displaying the name of theaccount holder, an account number field 112 for displaying the checkingaccount number of the account holder, a transaction history field 114for displaying recent checking account transactions of the accountholder (or, alternatively, a separate field for each of the recenttransactions), a total balance field 120 for displaying the totalchecking account balance for the account holder, an available balancefield 122 for displaying the currently available checking accountbalance for the account holder, and/or an alert field 124 for displayingalerts to the account holder. In other embodiments and/or scenarios, thedisplay may include more, fewer and or different fields than are shownin FIGS. 2A and 2B.

FIGS. 2A and 2B correspond to an example embodiment and scenario inwhich the name field 110 is not a secure field, while all of fields 112,114, 120, 122 and 124 are secure fields for sensitive information, andin which all information (including sensitive information) is initiallyshown rather than being hidden. When the user takes the appropriatetriggering action (e.g., tilting the computing device 102, swiping hisor her finger across the display screen 104, turning his or head/faceaway from the display screen 104, and/or any other action describedabove in connection with FIG. 1), the display 100 shown in FIG. 2A maychange to appear as shown in FIG. 2B. As seen in FIG. 2B, theinformation in each of the secure fields 112, 114, 120, 122 and 126 hasbeen obscured/redacted (e.g., grayed out or blacked out), while theinformation (name) in the non-secure field 110 continues to be shown. Inother embodiments, the information in each of the secure fields 112,114, 120, 122 and 126 may instead be blurred according to an imageprocessing algorithm (e.g., using Gaussian blurring), or may be obscuredin another manner. In some embodiments, however, the information in eachof the secure fields 112, 114, 120, 122 and 126 may be obscured in amanner that cannot be “reverse engineered” to reveal the information(e.g., by applying an inverse of the image processing that was used toblur the information, and/or by using an image processing algorithm tosharpen edges contained in the image, etc.).

As discussed above in connection with FIG. 1, the information in thesecure fields may, once obscured, be revealed again when a timerexpires, and/or when the user takes a subsequent action (e.g., tilts thecomputing device 102, swipes his or her finger across the display screen104, turns his or head/face back towards the display screen 104, or anyother action described above in connection with FIG. 1). At that time,the display 100 may return to the state shown in FIG. 2A, for example.

The treatment of fields 112, 114, 120, 122 and 124 as secure fields maybe based upon field type designators permanently associated with thosefields (or configured by the user to be associated with those fields),and/or may be based upon data flags accompanying the various values(e.g., name, account number, etc.) when those values are received by thecomputing device 102, for example. Moreover, in some embodiments and/orscenarios, the display 100 may instead be initially presented to theuser/account holder as shown in FIG. 2B (with secure fields obscured),and a user action (e.g., swipe, tilt, etc.) may be required to changethe display 100 to that shown in FIG. 2A (with secure fields revealed).

IV. Exemplary Process Flow for Selectively Obscuring and/or RevealingSensitive Information in at Least One Field of a Computing DeviceDisplay

FIG. 3 depicts a flow diagram of an exemplary method 200 for selectivelyobscuring and/or revealing sensitive information in at least one fieldof a display of a computing device, according to an embodiment. In oneembodiment, the method 200 may be implemented in (e.g., performed by oneor more processors of) a computing device such as the client device 12of FIG. 1, for example.

In the method 200, display data defining a display layout and one ormore fields may be generated, or received, at a computing device (block202). The computing device may be similar to the client device 12 ofFIG. 1 or the computing device 102 of FIGS. 2A and 2B, for example. Thedisplay data may be generated at the computing device if the device isexecuting an application similar to user account application 40 of FIG.1, or may be received at the computing device if the display data isprovided by a web page, for example.

A display may be provided upon a display screen of the computing device(e.g., display screen 54 of FIG. 1) by processing the generated orreceived display data (block 204). Initially, upon being shown to theuser, the display may either obscure first information in a first fieldof the field(s) defined by the display data (e.g., by blurring the firstinformation, blacking out the first information, etc.) or show the firstinformation in the first field. If the display initially obscures thefirst information in the first field, other portions of the display(e.g., text field descriptors, information in other fields, etc.) mayremain visible. While the method 200 is described with respect toobscuring/revealing first information in a first field, it is understoodthat information in one or more other fields may also, in someembodiments, be obscured and/or revealed in the same manner, and/orbased upon the same triggers (e.g., user actions, timer expirations,etc.).

A physical movement of the computing device, or a change in theorientation of a user of the computing device relative to the computingdevice, may be detected by one or more sensors of the computing device(block 206). The sensor(s) may be similar to sensor(s) 56 of FIG. 1, forexample. Detecting the physical movement or change in orientation mayinclude detecting whether the user is looking at the display screen(e.g., if the sensor(s) include a camera that can sense the direction orfocus of the user's gaze), detecting that the user has moved thecomputing device relative to the user (e.g., if the sensor(s) include acamera that can sense the position of the user's head and/or shouldersrelative to the display screen), and/or detecting that the computingdevice has been tilted (e.g., if the sensor(s) include anaccelerometer), for example. If movement of the user relative to thecomputing device is detected, the relative movement may be a result ofthe user moving, and/or a result of the user moving the computingdevice, for example.

In response to the sensor(s) detecting the physical movement or thechange in orientation, the display may be caused to either show thefirst information in the first field (if the display had initiallyobscured the first information), or obscure the first information in thefirst field (if the display had initially shown the first information)without obscuring the entirety of the display (block 208). The firstinformation may be obscured by blurring the first information orblacking or graying out the first information, for example.

The method 200 may also include one or more additional blocks not shownin FIG. 3. For example, the method 200 may include a first additionalblock in which user authentication data entered by the user of thecomputing device, and associated with an account of the user (e.g., bankaccount, insurance policy/account, etc.), is received at the computingdevice (e.g., received via a user interface of the computing device). Inthis embodiment, the display may be provided at block 204 in response toreceiving the user authentication data, and the field(s) of the displaymay be fields for displaying information associated with the account.

As another example, if the display initially shows the firstinformation, and if the display screen is a touch screen, the method 200may include a first additional block, occurring after block 208, inwhich the sensor(s) detect a single user gesture (e.g., a swipe) on thetouch screen. In this embodiment, the method 200 may also include asecond additional block in which, in response to the sensor(s) detectingthe single user gesture, the display may be caused to again show thefirst information in the first field.

As another example, if the display initially shows the firstinformation, the method 200 may include a first additional block,occurring after block 208, in which the sensor(s) detect a subsequentphysical movement of the computing device and/or a subsequent change inorientation of the user of the computing device relative to thecomputing device. In this embodiment, the method 200 may also include asecond additional block in which, in response to the sensor(s) detectingthe subsequent physical movement or change in orientation, the displaymay be caused to again show the first information in the first field.

As another example, if the display initially obscures the firstinformation, and if the display screen is a touch screen, the method 200may include a first additional block, occurring after block 208, inwhich the sensor(s) detect a single user gesture (e.g., swipe) on thetouch screen. In this embodiment, the method 200 may also include asecond additional block in which, in response to the sensor(s) detectingthe single user gesture, the display may be caused to again obscure thefirst information in the first field.

As yet another example, if the display initially obscures the firstinformation, the method 200 may include a first additional block,occurring after block 208, in which the sensor(s) detect an expirationof a predetermined time limit (e.g., a time limit starting when thefirst information was revealed). In this embodiment, the method 200 mayalso include a second additional block in which, in response to thesensor(s) detecting the time limit expiration, the display is caused toagain obscure the first information in the first field (withoutobscuring the entirety of the display).

As still another example, if the display initially obscures the firstinformation, the method 200 may include a first additional block,occurring after block 208, in which the sensor(s) detect a subsequentphysical movement of the computing device and/or a subsequent change inorientation of the user of the computing device relative to thecomputing device. In this embodiment, the method 200 may also include asecond additional block in which, in response to the sensor(s) detectingthe subsequent physical movement or change in orientation, the displayis caused to again obscure the first information in the first field(without obscuring the entirety of the display).

V. Exemplary Process Flow for Selectively Obscuring and/or RevealingSensitive Information in Multiple Fields of A Computing Device Display

FIG. 4 depicts a flow diagram of an exemplary method 250 for selectivelyobscuring and/or revealing sensitive information in multiple fields of adisplay of a computing device, according to one embodiment. The method250 may correspond to a particular embodiment and/or scenario of themethod 200 discussed above, and/or may be implemented in (e.g.,performed by one or more processors of) a computing device such as theclient device 12 of FIG. 1, for example.

In the method 250, display data defining a display layout and aplurality of fields may be generated, or received, at a computing device(block 252). The computing device may be similar to the client device 12of FIG. 1 or the computing device 102 of FIGS. 2A and 2B, for example.The display data may be generated at the computing device if the deviceis executing an application similar to user account application 40 ofFIG. 1, or may be received at the computing device if the display datais provided by a web page, for example.

The computing device may determine that a first field of the pluralityof fields is not associated with a security feature, and that second andthird fields of the plurality of fields are associated with the securityfeature (block 254). In some embodiments, the computing device may alsodetermine that one or more additional fields of the plurality of fieldsare not associated with the security feature, and/or may also determinethat one or more additional fields of the plurality of fields areassociated with the security feature. In some embodiments, thedeterminations at block 254 may be made based upon field type indicatorsthat are associated with the first, second and third fields. In otherembodiments, the determinations may be made by processing data (e.g.,flag values) associated with the information used to populate thefields. In these latter embodiments, for example, the first field mayinstead have been treated as a secure field, and/or the second and/orthird fields may instead have been treated as non-secure fields, in apast iteration similar to the method 250.

A display may be provided upon a display screen of the computing device(e.g., display screen 54 of FIG. 1) by processing the generated orreceived display data (block 256). Initially, upon being shown to theuser, the display may either obscure second information in the secondfield and third information in the third field (e.g., by blurring thesecond information and the third information, blacking out theinformation, etc.), or show the second information in the second fieldand the third information in the third field, without obscuring thefirst information in the first field. For example, a policy number in apolicy number field and a coverage limit in a coverage limit field mayinitially both be obscured, while a coverage description in a coveragedescription field is shown.

A physical movement of the computing device, a change in the orientationof a user of the computing device relative to the computing device,and/or a single user gesture made on the display screen of the computingdevice may be detected by one or more sensors of the computing device(block 258). The sensor(s) may be similar to sensor(s) 56 of FIG. 1, forexample. Detecting the physical movement, the change in orientation orthe single user gesture may include detecting whether the user islooking at the display screen (e.g., if the sensor(s) include a camerathat can sense the direction or focus of the user's gaze), detectingthat the user has moved the computing device relative to the user (e.g.,if the sensor(s) include a camera that can sense the position of theuser's head and/or shoulders relative to the display screen), detectingthat the computing device has been tilted (e.g., if the sensor(s)include an accelerometer), or detecting a swipe made by the user on thedisplay screen (e.g., if the sensor(s) include a touch screen sensor ofthe display screen), for example.

In response to detecting the physical movement, the change inorientation or the single user gesture, the display may be caused toeither show the second information in the second field and the thirdinformation in the third field (if the display had initially obscuredthe second information and the third information) while continuing toshow the first information in the first field, or obscure the secondinformation in the second field and the third information in the thirdfield (if the display had initially shown the second information and thethird information) while continuing to show the first information in thefirst field (block 260).

The method 250 may also include one or more additional blocks not shownin FIG. 4. For example, if the display initially shows the secondinformation and third information, the method 250 may include a firstadditional block, occurring after block 260, in which the sensor(s)detect a subsequent physical movement of the computing device, asubsequent change in orientation of the user relative to the computingdevice, or a subsequent single user gesture made on the display screen.In this embodiment, the method 250 may also include a second additionalblock in which, in response to detecting the subsequent physicalmovement, change in orientation or single user gesture, the display iscaused to either again obscure the second information in the secondfield and the third information in the third field (if the displaycurrently shows the second information and the third information) whilecontinuing to show the first information in the first field, or againshow the second information in the second field and the thirdinformation in the third field (if the display currently obscures thesecond information and the third information) while continuing to showthe first information in the first field.

VI. Exemplary Computer System for Enabling a User to Selectively Obscureand/or Reveal Sensitive Information on a Computing Device Display

FIG. 5 depicts an example computer system 300 in which the techniquesdescribed herein may be implemented, according to an embodiment. Thecomputer system 300 of FIG. 5 includes a computing device in the form ofa computer 310. Components of the computer 310 may include, but are notlimited to, a processing unit 320, a system memory 330, and/or a systembus 321 that couples various system components including the systemmemory 330 to the processing unit 320. The system bus 321 may be any ofseveral types of bus structures including a memory bus or memorycontroller, a peripheral bus, or a local bus, and may use any suitablebus architecture. By way of example, and not limitation, sucharchitectures include the Industry Standard Architecture (ISA) bus,Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, VideoElectronics Standards Association (VESA) local bus, and PeripheralComponent Interconnect (PCI) bus (also known as Mezzanine bus).

Computer 310 may typically include a variety of computer-readable media.Computer-readable media can be any available media that can be accessedby computer 310 and includes both volatile and nonvolatile media, andboth removable and non-removable media. By way of example, and notlimitation, computer-readable media may comprise computer storage mediaand communication media. Computer storage media may include volatile andnonvolatile, removable and non-removable media implemented in any methodor technology for storage of information such as computer-readableinstructions, data structures, program modules or other data.

Computer storage media may include, but is not limited to, RAM, ROM,EEPROM, FLASH memory or other memory technology, CD-ROM, digitalversatile disks (DVD) or other optical disk storage, magnetic cassettes,magnetic tape, magnetic disk storage or other magnetic storage devices,or any other medium which can be used to store the desired informationand which can accessed by computer 310. Communication media maytypically embody computer-readable instructions, data structures,program modules or other data in a modulated data signal, such as acarrier wave or other transport mechanism, and include any informationdelivery media. The term “modulated data signal” means a signal that hasone or more of its characteristics set or changed in such a manner as toencode information in the signal. By way of example, and not limitation,communication media may include wired media, such as a wired network ordirect-wired connection, and wireless media such as acoustic, radiofrequency (RF), infrared and other wireless media. Combinations of anyof the above are also included within the scope of computer-readablemedia.

The system memory 330 may include computer storage media in the form ofvolatile and/or nonvolatile memory, such as read only memory (ROM) 331and random access memory (RAM) 332. A basic input/output system 333(BIOS), containing the basic routines that help to transfer informationbetween elements within computer 310, such as during start-up, may betypically stored in ROM 331. RAM 332 may typically contain data and/orprogram modules that are immediately accessible to, and/or presentlybeing operated on, by processing unit 320. By way of example, and notlimitation, FIG. 5 illustrates operating system 334, applicationprograms 335, other program modules 336, and program data 337.

The computer 310 may also include other removable/non-removable,volatile/nonvolatile computer storage media. By way of example only,FIG. 5 illustrates a hard disk drive 341 that may read from or write tonon-removable, nonvolatile magnetic media, a magnetic disk drive 351that may read from or write to a removable, nonvolatile magnetic disk352, and an optical disk drive 355 that may read from or write to aremovable, nonvolatile optical disk 356, such as a CD ROM or otheroptical media. Other removable/non-removable, volatile/nonvolatilecomputer storage media that may be used in the exemplary operatingenvironment include, but are not limited to, magnetic tape cassettes,flash memory cards, digital versatile disks, digital video tape, solidstate RAM, solid state ROM, and the like. The hard disk drive 341 may beconnected to the system bus 321 through a non-removable memory interfacesuch as interface 340, and magnetic disk drive 351 and optical diskdrive 355 may be connected to the system bus 321 by a removable memoryinterface, such as interface 350.

The drives and their associated computer storage media discussed aboveand illustrated in FIG. 5 may provide storage of computer-readableinstructions, data structures, program modules and other data for thecomputer 310. In FIG. 5, for example, hard disk drive 341 is illustratedas storing operating system 344, application programs 345, other programmodules 346, and program data 347. Note that these components may eitherbe the same as or different from operating system 334, applicationprograms 335, other program modules 336, and/or program data 337.Operating system 344, application programs 345, other program modules346, and/or program data 347 may be given different numbers here toillustrate that, at a minimum, they are different copies. A user mayenter commands and information into the computer 310 through inputdevices such as cursor control device 361 (e.g., a mouse, trackball,touch pad, etc.) and keyboard 362. A monitor 391 or other type ofdisplay device may also be connected to the system bus 321 via aninterface, such as a video interface 390. In addition to the monitor,computers may also include other peripheral output devices such asprinter 396, which may be connected through an output peripheralinterface 395.

The computer 310 may operate in a networked environment using logicalconnections to one or more remote computers, such as a remote computer380. The remote computer 380 may be a personal computer, a server, arouter, a network PC, a peer device or other common network node, andtypically includes many or all of the elements described above relativeto the computer 310, although only a memory storage device 381 has beenillustrated in FIG. 5. The logical connections depicted in FIG. 5 mayinclude a local area network (LAN) 371 and a wide area network (WAN)373, and may also include other networks. Such networking environmentsare commonplace in hospitals, offices, enterprise-wide computernetworks, intranets and the Internet.

When used in a LAN networking environment, the computer 310 is connectedto the LAN 371 through a network interface or adapter 370. When used ina WAN networking environment, the computer 310 may typically include amodem 372 or other means for establishing communications over the WAN373, such as the Internet. The modem 372, which may be internal orexternal, may be connected to the system bus 321 via the input interface360, or other appropriate mechanism. The communications connections 370,372, which allow the device to communicate with other devices, are anexample of communication media, as discussed above. In a networkedenvironment, program modules depicted relative to the computer 310, orportions thereof, may be stored in the remote memory storage device 381.By way of example, and not limitation, FIG. 5 illustrates remoteapplication programs 385 as residing on memory device 381.

The techniques for enabling a user to selectively obscure and/or revealsensitive information described above may be implemented in part or intheir entirety within a computer system, such as the computer system 300illustrated in FIG. 5. The computer 310 may be a portable/mobile orstationary computing device of a customer (e.g., the client device 12 ofFIG. 1), and the remote computer 380 may be a server device associatedwith a bank, employer, insurance provider or other entity (e.g., aserver within the computing system 14 of FIG. 1), for example. In somesuch embodiments, the LAN 371 may be omitted (e.g., communicationsbetween computer 310 and computer 380 may only occur via WAN 373).Application programs 335 and 345 may include the user accountapplication 40 of FIG. 1 and/or a web browser application, for example.Remote computer 380 may receive user authentication information (e.g.,login and password) from computer 310, authenticate the userauthentication information, and provide the appropriate account data tocomputer 310 as discussed above, for example. As another example,computer 310 may provide the user with a display such as the display 100of FIGS. 2A and 2B via monitor 391 (or a touch screen, etc.), and maycause the information in the appropriate fields to be obscured and/orrevealed as described above.

VII. Exemplary Method Embodiments

In one aspect, a computer-implemented method may include generating orreceiving, at a computing device, display data defining a display layoutand one or more fields. The method may also include providing, upon adisplay screen of the computing device and by processing the displaydata, a display that initially either (i) obscures first information ina first field of the one or more fields without obscuring an entirety ofthe display, or (ii) shows the first information in the first field. Themethod may also include detecting, by one or more sensors of thecomputing device, (i) a physical movement of the computing device, or(ii) a change in orientation of a user of the computing device relativeto the computing device. The method may also include, in response to theone or more sensors detecting the physical movement or the change inorientation, causing the display to either (i) if the display initiallyobscures the first information in the first field, show the firstinformation in the first field, or (ii) if the display initially showsthe first information in the first field, obscure the first informationin the first field without obscuring the entirety of the display,respectively. As a result, enhanced security for sensitive orconfidential information may be provided. The method may includeadditional, fewer or alternative actions, such as any of those discussedelsewhere herein.

For instance, detecting a physical movement or a change in orientationmay include detecting whether the user is looking at the display screenof the computing device, detecting that the user has moved the computingdevice relative to the user, or detecting that the computing device hasbeen tilted.

Additionally or alternatively, providing a display may include providinga display that initially shows the first information in the first field,and causing the display to either show the first information or obscurethe first information may include causing the display to obscure thefirst information in the first field without obscuring the entirety ofthe display.

Additionally or alternatively, the display screen may be a touch screen,and the method may further include, after causing the display to obscurethe first information in the first field, detecting, by the one or moresensors, a single user gesture made on the touch screen, and, inresponse to the one or more sensors detecting the single user gesture,causing the display to again show the first information in the firstfield.

Additionally or alternatively, the method may further include, aftercausing the display to obscure the first information in the first field,detecting, by the one or more sensors, (i) a subsequent physicalmovement of the computing device or (ii) a subsequent change inorientation of the user of the computing device relative to thecomputing device, and, in response to the one or more sensors detectingthe subsequent physical movement or the subsequent change inorientation, causing the display to again show the first information inthe first field.

Additionally or alternatively, detecting a physical movement or a changein orientation may include detecting that the user is no longer lookingat the display screen of the computing device, and detecting asubsequent physical movement or a subsequent change in orientation mayinclude detecting that the user is again looking at the display screenof the computing device.

Additionally or alternatively, providing a display may include providinga display that initially obscures the first information in the firstfield without obscuring the entirety of the display, and causing thedisplay to either show the first information or obscure the firstinformation may include causing the display to show the firstinformation in the first field.

Additionally or alternatively, the method may further include, aftercausing the display to show the first information in the first field,detecting, by the one or more sensors, an expiration of a predeterminedtime limit, and, in response to the one or more sensors detecting theexpiration of the predetermined time limit, causing the display to againobscure the first information in the first field without obscuring theentirety of the display.

Additionally or alternatively, the display screen may be a touch screen,and the method may further include, after causing the display to showthe first information in the first field, detecting, by the one or moresensors, a single user gesture made on the touch screen, and, inresponse to the one or more sensors detecting the single user gesture,causing the display to again obscure the first information in the firstfield without obscuring the entirety of the display.

Additionally or alternatively, the method may further include, aftercausing the display to show the first information in the first field,detecting, by the one or more sensors, (i) a subsequent physicalmovement of the computing device or (ii) a subsequent change inorientation of the user of the computing device relative to thecomputing device, and, in response to the one or more sensors detectingthe subsequent physical movement or the subsequent change inorientation, causing the display to again obscure the first informationin the first field without obscuring the entirety of the display.

Additionally or alternatively, the method may further include receiving,at the computing device, user authentication data entered by the user ofthe computing device and associated with an account, providing thedisplay may be in response to receiving the user authentication data,and the one or more fields may be for displaying information associatedwith the account.

In another aspect, a computer-implemented method may include generatingor receiving, at a computing device, display data defining a displaylayout and a plurality of fields. The method may also includedetermining, by the computing device, (i) that a first field of theplurality of fields is not associated with a security feature, and (ii)that a second field and a third field of the plurality of fields areassociated with the security feature. The method may also includeproviding, upon a display screen of the computing device and byprocessing the display data, a display that shows first information inthe first field, and initially either (i) obscures second information inthe second field and third information in the third field, or (ii) showsthe second information in the second field and the third information inthe third field. The method may also include detecting, by one or moresensors of the computing device, (i) a physical movement of thecomputing device, (ii) a change in orientation of a user of thecomputing device relative to the computing device, or (iii) a singleuser gesture made on the display screen of the computing device. Themethod may also include, in response to detecting the physical movement,the change in orientation, or the single user gesture, causing thedisplay to either (i) if the display initially obscures the secondinformation in the second field and the third information in the thirdfield, show the second information in the second field and the thirdinformation in the third field while continuing to show the firstinformation in the first field, or (ii) if the display initially showsthe second information in the second field and the third information inthe third field, obscure the second information in the second field andthe third information in the third field while continuing to show thefirst information in the first field. The method may include additional,fewer or alternative actions, such as any of those discussed elsewhereherein.

For instance, detecting a physical movement, a change in orientation, ora single user gesture may include detecting whether the user is lookingat the display screen, detecting that the user has moved the computingdevice relative to the user, detecting that the computing device hasbeen tilted, or detecting a swipe by the user on the display screen ofthe computing device.

Additionally or alternatively, the method may further include, aftercausing the display to either show the second information and the thirdinformation or obscure the second information and the third information,detecting, by the one or more sensors of the computing device, (i) asubsequent physical movement of the computing device, (ii) a subsequentchange in orientation of the user of the computing device relative tothe computing device, or (iii) a subsequent single user gesture made onthe display screen of the computing device, and, in response todetecting the subsequent physical movement, the subsequent change inorientation, or the subsequent single user gesture, causing the displayto either (i) if the display currently shows the second information inthe second field and the third information in the third field, againobscure the second information in the second field and the thirdinformation in the third field while continuing to show the firstinformation in the first field, or (ii) if the display currentlyobscures the second information in the second field and the thirdinformation in the third field, again show the second information in thesecond field and the third information in the third field whilecontinuing to show the first information in the first field.

VII. Exemplary Computing Device Embodiments

In another aspect, a computing device may include a display screen, oneor more sensors, one or more processors and a non-transitory,computer-readable memory storing instructions. The instructions may,when executed by the one or more processors, cause the computing deviceto generate or receive display data defining a display layout and one ormore fields. The instructions may also cause the computing device toprovide, upon the display screen and by processing the display data, adisplay that initially either (i) obscures first information in a firstfield of the one or more fields without obscuring an entirety of thedisplay, or (ii) shows the first information in the first field. Theinstructions may also cause the computing device to, in response to theone or more sensors detecting (i) a physical movement of the computingdevice, or (ii) a change in orientation of a user of the computingdevice relative to the computing device, cause the display to either, ifthe display initially obscures the first information in the first field,show the first information in the first field, or, if the displayinitially shows the first information in the first field, obscure thefirst information in the first field without obscuring the entirety ofthe display. The computing device may include additional, fewer oralternative components, and/or components with additional, less oralternative functionality, such as any of the components and/orfunctionality discussed elsewhere herein.

For instance, the one or more sensors may be configured to detect thephysical movement or the change in orientation at least in part bydetecting whether the user is looking at the display screen, detectingthat the user has moved the computing device relative to the user, ordetecting that the computing device has been tilted.

Additionally or alternatively, the instructions may cause the computingdevice to provide a display that initially shows the first informationin the first field, and, in response to the one or more sensorsdetecting the physical movement or the change in orientation, cause thedisplay to obscure the first information in the first field withoutobscuring the entirety of the display.

Additionally or alternatively, the one or more sensors may be configuredto detect whether the user is looking at the display screen, and theinstructions may cause the computing device to cause the display toobscure the first information in the first field in response to the oneor more sensors detecting that the user is no longer looking at thedisplay screen, and, after causing the display to obscure the firstinformation in the first field, and in response to the one or moresensors detecting the user is again looking at the display screen, causethe display to again show the first information in the first field.

Additionally or alternatively, the display screen may be a touch screen,the one or more sensors may be configured to detect user gestures on thetouch screen, and the instructions may cause the computing device to,after causing the display to obscure the first information in the firstfield and in response to the one or more sensors detecting a single usergesture made on the touch screen, cause the display to again show thefirst information in the first field.

Additionally or alternatively, the instructions may cause the computingdevice to provide a display that initially obscures the firstinformation in the first field, and, in response to the one or moresensors detecting the physical movement or the change in orientation,cause the display to show the first information in the first field.

Additionally or alternatively, the instructions may cause the computingdevice to, after causing the display to show the first information inthe first field, detect an expiration of a predetermined time limit,and, in response to detecting the expiration of the predetermined timelimit, cause the display to again obscure the first information in thefirst field without obscuring the entirety of the display.

Additionally or alternatively, the display screen may be a touch screen,the one or more sensors may be configured to detect user gestures on thetouch screen, and the instructions may cause the computing device to,after causing the display to show the first information in the firstfield and in response to the one or more sensors detecting a single usergesture made on the touch screen, cause the display to again obscure thefirst information in the first field without obscuring the entirety ofthe display.

IX. Additional Considerations

The following additional considerations apply to the foregoingdiscussion. Throughout this specification, plural instances mayimplement operations or structures described as a single instance.Although individual operations of one or more methods are illustratedand described as separate operations, one or more of the individualoperations may be performed concurrently, and nothing requires that theoperations be performed in the order illustrated. These and othervariations, modifications, additions, and improvements fall within thescope of the subject matter herein.

Unless specifically stated otherwise, discussions herein using wordssuch as “processing,” “computing,” “calculating,” “determining,”“presenting,” “displaying,” or the like may refer to actions orprocesses of a machine (e.g., a computer) that manipulates or transformsdata represented as physical (e.g., electronic, magnetic, or optical)quantities within one or more memories (e.g., volatile memory,non-volatile memory, or a combination thereof), registers, or othermachine components that receive, store, transmit, or displayinformation.

As used herein any reference to “one embodiment” or “an embodiment”means that a particular element, feature, structure, or characteristicdescribed in connection with the embodiment is included in at least oneembodiment. The appearances of the phrase “in one embodiment” in variousplaces in the specification are not necessarily all referring to thesame embodiment.

As used herein, the terms “comprises,” “comprising,” “includes,”“including,” “has,” “having” or any other variation thereof, areintended to cover a non-exclusive inclusion. For example, a process,method, article, or apparatus that comprises a list of elements is notnecessarily limited to only those elements but may include otherelements not expressly listed or inherent to such process, method,article, or apparatus. Further, unless expressly stated to the contrary,“or” refers to an inclusive or and not to an exclusive or. For example,a condition A or B is satisfied by any one of the following: A is true(or present) and B is false (or not present), A is false (or notpresent) and B is true (or present), and both A and B are true (orpresent).

In addition, use of “a” or “an” is employed to describe elements andcomponents of the embodiments herein. This is done merely forconvenience and to give a general sense of the invention. Thisdescription should be read to include one or at least one and thesingular also includes the plural unless it is obvious that it is meantotherwise.

Upon reading this disclosure, those of skill in the art will appreciatestill additional alternative structural and functional designs for asystem and a process of enabling a user to selectively obscure and/orreveal sensitive information on a computing device display through theprinciples disclosed herein. Thus, while particular embodiments andapplications have been illustrated and described, it is understood thatthe disclosed embodiments are not limited to the precise constructionand components disclosed herein. Various modifications, changes andvariations, which will be apparent to those skilled in the art, may bemade in the arrangement, operation and details of the methods andsystems disclosed herein without departing from the spirit and scopedefined in the appended claims.

The patent claims at the end of this patent application are not intendedto be construed under 35 U.S.C. § 112(f) unless traditionalmeans-plus-function language is expressly recited, such as “means for”or “step for” language being explicitly recited in the claim(s).

What is claimed:
 1. A computer-implemented method of selectivelyobscuring sensitive information on a computer display, the methodcomprising: providing, on a display screen of the computing device, adisplay that initially obscures a first item of information in a firstsecure field of one or more fields in a display layout without obscuringan entirety of the display; detecting, using at least a camera of thecomputing device, a change in orientation of a user of the computingdevice relative to the computing device; in response to the change inorientation, causing the display to show the first item of informationin the first secure field; and after causing the display to show thefirst item of information in the first secure field, (i) detecting anexpiration of a predetermined time limit, and (ii) in response todetecting the expiration of the predetermined time limit, causing thedisplay to again obscure the first item of information in the firstsecure field without obscuring the entirety of the display.
 2. Thecomputer-implemented method of claim 1, the method further comprising:detecting, at the computing device, whether the user is looking at thedisplay screen, wherein causing the display to show the first item ofinformation in the first secure field is in response to detecting (i)the change in orientation, and (ii) whether the user is looking at thedisplay screen.
 3. The computer-implemented method of claim 1, themethod further comprising: detecting, at the computing device, whetherthe user is looking at the display screen.
 4. The computer-implementedmethod of claim 3, wherein causing the display to show the first item ofinformation in the first secure field is in response to detecting thechange in orientation and detecting whether the user is looking at thedisplay screen.
 5. The computer-implemented method of claim 1, themethod further comprising: generating or receiving, at the computingdevice, one or more items of information, wherein each item ofinformation (i) is to be displayed in a respective field of the one ormore fields, and (ii) has an associated data flag that designateswhether the item of information is sensitive.
 6. Thecomputer-implemented method of claim 5, the method further comprising:determining one or more secure fields, at least by, for each field ofthe one or more fields, processing the data flag associated with theitem of information to be displayed in the field, and if the data flagdesignates that the item of information is sensitive, designating thefield as a secure field.
 7. The computer-implemented method of claim 6,the method further comprising: detecting, at the computing device,whether the user is looking at the display screen.
 8. Thecomputer-implemented method of claim 7, wherein causing the display toshow the first item of information in the first secure field is inresponse to detecting the change in orientation and detecting the changein orientation and detecting whether the user is looking at the displayscreen.
 9. The computer-implemented method of claim 1, the methodfurther comprising: receiving, at the computing device, userauthentication data entered by the user of the computing device andassociated with an account, wherein providing the display is in responseto receiving the user authentication data, and wherein the one or morefields are for displaying information associated with the account.
 10. Acomputer device configured to selectively obscure sensitive informationon a display screen, the computer device comprising: a display screen; acamera; one or more processors; and a non-transitory, computer-readablememory storing instructions that, when executed by the one or moreprocessors, cause the computing device to: provide, on the displayscreen of the computing device, a display that initially obscures afirst item of information in a first secure field of one or more fieldsin a display layout without obscuring an entirety of the display;detect, using at least a camera of the computing device, a change inorientation of a user of the computing device relative to the computingdevice; in response to the change in orientation, cause the display toshow the first item of information in the first secure field; and aftercausing the display to show the first item of information in the firstsecure field, (i) detect an expiration of a predetermined time limit,and (ii) in response to detecting the expiration of the predeterminedtime limit, cause the display to again obscure the first item ofinformation in the first secure field without obscuring the entirety ofthe display.
 11. The computer device of claim 10, wherein theinstructions cause the computing device to: detect, using the camera,whether the user is looking at the display screen; and cause the displayto show the first item of information in the first secure field inresponse to detecting (i) the change in orientation, and (ii) whetherthe user is looking at the display screen.
 12. The computer device ofclaim 10, wherein the instructions cause the computing device to detectwhether the user is looking at the display screen.
 13. The computerdevice of claim 12, wherein the instructions cause the computing deviceto cause the display to show the first item of information in the firstsecure field in response to detecting the change in orientation anddetecting whether the user is looking at the display screen.
 14. Thecomputer device of claim 10, wherein the instructions cause thecomputing device to: generate or receive, at the computing device, oneor more items of information, wherein each item of information (i) is tobe displayed in a respective field of the one or more fields, and (ii)has an associated data flag that designates whether the item ofinformation is sensitive.
 15. The computer device of claim 14, whereinthe instructions cause the computing device to: determine one or moresecure fields, at least by, for each field of the one or more fields:processing the data flag associated with the item of information to bedisplayed in the field, and if the data flag designates that the item ofinformation is sensitive, designating the field as a secure field. 16.The computer device of claim 15, wherein the instructions cause thecomputing device to detect whether the user is looking at the displayscreen.
 17. The computer device of claim 16, wherein the instructionscause the computing device to cause the display to show the first itemof information in the first secure field in response to detecting thechange in orientation and detecting whether the user is looking at thedisplay screen.
 18. The computer device of claim 10, wherein theinstructions cause the computing device to: receive, at the computingdevice, user authentication data entered by the user of the computingdevice and associated with an account, wherein providing the display isin response to receiving the user authentication data, and wherein theone or more fields are for displaying information associated with theaccount.
 19. A computer-implemented method of selectively obscuringsensitive information on a computer display, the method comprising:providing, on a display screen of the computing device, a display thatinitially obscures a first item of information in a first secure fieldof one or more fields in a display layout without obscuring an entiretyof the display; detecting, using the computing device, a change inorientation of a user of the computing device relative to the computingdevice; in response to the change in orientation, causing the display toshow the first item of information in the first secure field; and aftercausing the display to show the first item of information in the firstsecure field, (i) detecting an expiration of a predetermined time limit,and (ii) in response to detecting the expiration of the predeterminedtime limit, causing the display to again obscure the first item ofinformation in the first secure field without obscuring the entirety ofthe display.
 20. The computer-implemented method of claim 19, the methodfurther comprising: detecting, at the computing device, whether the useris looking at the display screen, wherein causing the display to showthe first item of information in the first secure field is in responseto detecting (i) the change in orientation, and (ii) whether the user islooking at the display screen.